Security and privacy are becoming paramount issues in personal computing. It is now a common occurrence for security flaws to be uncovered in the bulletproof security of computing and Internet systems. This puts private and personal data at risk.
Several schemata are conventionally used to keep a user's files secure. Requiring a username and password for access to files and websites is now in widespread use. However, a typical user has many types of personal data files associated with many types of computing applications, each requiring a different password. Since it is unwise to use the same password for many different secured resources, the typical user ends up with a multitude of passwords—too many too remember. Thus, a user may record the many passwords, putting the resources they protect at risk if an unintended person finds the cache of passwords. Passwords can also be guessed, there are even legendary hackers known for this ability. Further, malicious background processes that read keystrokes as passwords are being entered by the user are relatively common.
Encryption per se is another technique for protecting private data resources. In a sense, encryption and password protection are very closely related. Often the only difference is that part of a password may contain a word familiar to the human, providing a human memory device, while an encryption key is often purely random, consisting of random numbers and symbols. Password protection is often a front-end for encryption, that is, the encryption key is often derived from a form of the input password. Guessing an encryption key can be automated, so that if the password or encryption key is too simple, then it is at risk.
One of the problems with security key infrastructures is that the “combination to the safe,” i.e., private keys, must be stored somewhere. For most computing systems, but especially for typical end-users with limited resources, the storage place for security keys is usually on the same hardware that stores the personal data being protected. Although encryption algorithms can be very strong, even the a remote possibility that an encryption key could be discovered and exploited to open private information on the same machine as the key disturbs the security-minded user's peace of mind.
The more sensitive the private data, the greater looms the apprehension that someone with enough time could garnish resources to break into the private data. In other words, a feeling of perfect security is difficult to obtain when the user does not know the current state of decryption arts or the sophistication of deciphering tools available to hackers, government agencies, and manufacturers of the user's equipment and software.
Hardware security solutions have been tried, but these are usually either awkward or easily worked around. Removing the media that contains the sensitive information from the host computing device, for instance, can provide a greater vulnerability than the pitfalls of password and encryption schemes. Physical locks that lock out, e.g., the keyboard, are easily circumvented and are no longer even offered as options when purchasing a computer.
Hence, although there is always a need for stronger data security, there is especially a long felt need for a device or technique that provides a user with a higher degree of peace of mind—a feeling of certain security, wherein the user can know more absolutely that personal data is secure even if the private information is stored far away from the user and even if the computing device that stores the private information has been confiscated, stolen, or inadvertently given to charity.